Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing

Kibana, a popular open-source data visualization and exploration tool, has identified a critical security flaw that could allow attackers to execute arbitrary code.

This vulnerability, tracked as CVE-2024-37287, has a CVSSv3 severity rating of 9.9, indicating its critical nature.

CVE-2024-37287 – Vulnerability Details

The flaw arises from a prototype pollution vulnerability that can be exploited by attackers with access to Machine Learning (ML) and Alerting connector features and write access to internal ML indices.

Exploiting this vulnerability allows attackers to execute arbitrary code, posing significant security risks, as reported by Elastic Cloud.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Affected Environments

The vulnerability affects various Kibana environments, including:

  • Self-managed Kibana installations on host Operating Systems
  • Self-managed Kibana instances running the Kibana Docker image: The Remote Code Execution (RCE) is confined within the container, and seccomp-bpf prevents further exploitation, such as container escape.
  • Kibana instances on Elastic Cloud: RCE is limited within the Kibana Docker container, with additional protections provided by seccomp-bpf and AppArmor profiles.
  • Kibana instances on Elastic Cloud Enterprise (ECE): Similar to Elastic Cloud, the RCE is contained within the Docker container, with seccomp-bpf and AppArmor profiles preventing further exploitation.
  • Kibana instances on Elastic Cloud on Kubernetes (ECK): The RCE remains within the Docker container, and seccomp-bpf can prevent further exploitation when configured and supported (Kubernetes v1.19 and later).

Affected Versions

Kibana Version Status
8.x < 8.14.2 Affected
7.x < 7.17.23 Affected

To mitigate the risk posed by this vulnerability, users are strongly advised to upgrade to Kibana version 8.14.2 or 7.17.23 as soon as possible. These versions contain the necessary patches to address the flaw.

This critical vulnerability underscores the importance of timely software updates and robust security practices. Organizations using Kibana should prioritize upgrading to the latest versions to safeguard their systems against potential exploitation.

Users can refer to the official Kibana documentation and security advisories for more detailed information and guidance.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access